CVE-2024-27275

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27275
IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. IBM X-Force ID: 285203.

7.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 VDB Entry
https://www.ibm.com/support/pages/node/7157637 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 VDB Entry
https://www.ibm.com/support/pages/node/7157637 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*
History

21 Nov 2024, 09:04

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 - VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 - VDB Entry
References () https://www.ibm.com/support/pages/node/7157637 - Vendor Advisory () https://www.ibm.com/support/pages/node/7157637 - Vendor Advisory
CVSS v2 : unknown
v3 : 7.8 		v2 : unknown
v3 : 7.4

03 Aug 2024, 12:15

Type Values Removed Values Added
CWE CWE-264

01 Aug 2024, 20:35

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*
First Time Ibm
Ibm i
CWE CWE-287
CVSS v2 : unknown
v3 : 7.4 		v2 : unknown
v3 : 7.8
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/285203 - VDB Entry
References () https://www.ibm.com/support/pages/node/7157637 - () https://www.ibm.com/support/pages/node/7157637 - Vendor Advisory

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) IBM i 7.2, 7.3, 7.4 y 7.5 contiene una vulnerabilidad de escalada de privilegios local causada por un requisito de autoridad insuficiente. Un usuario local sin privilegios de administrador puede configurar un activador de archivo físico para ejecutarlo con los privilegios de un usuario manipulado socialmente para acceder al archivo de destino. La corrección consiste en requerir privilegios de administrador para configurar la compatibilidad con activadores. ID de IBM X-Force: 285203.

15 Jun 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-15 14:15

Updated : 2024-11-21 09:04

NVD link : CVE-2024-27275

Mitre link : CVE-2024-27275

CVE.ORG link : CVE-2024-27275

JSON object : View

Products Affected

ibm

  • i
CWE
CWE-287

Improper Authentication


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024